Merge "Introduce scope_types in os-hypervisors"
This commit is contained in:
commit
34540068d7
|
@ -23,9 +23,9 @@ BASE_POLICY_NAME = 'os_compute_api:os-hypervisors'
|
||||||
|
|
||||||
hypervisors_policies = [
|
hypervisors_policies = [
|
||||||
policy.DocumentedRuleDefault(
|
policy.DocumentedRuleDefault(
|
||||||
BASE_POLICY_NAME,
|
name=BASE_POLICY_NAME,
|
||||||
base.RULE_ADMIN_API,
|
check_str=base.RULE_ADMIN_API,
|
||||||
"""Policy rule for hypervisor related APIs.
|
description="""Policy rule for hypervisor related APIs.
|
||||||
|
|
||||||
This rule will be checked for the following APIs:
|
This rule will be checked for the following APIs:
|
||||||
|
|
||||||
|
@ -35,7 +35,7 @@ show details for a hypervisor, show the uptime of a hypervisor,
|
||||||
search hypervisor by hypervisor_hostname pattern and list all
|
search hypervisor by hypervisor_hostname pattern and list all
|
||||||
servers on hypervisors that can match the provided
|
servers on hypervisors that can match the provided
|
||||||
hypervisor_hostname pattern.""",
|
hypervisor_hostname pattern.""",
|
||||||
[
|
operations=[
|
||||||
{
|
{
|
||||||
'path': '/os-hypervisors',
|
'path': '/os-hypervisors',
|
||||||
'method': 'GET'
|
'method': 'GET'
|
||||||
|
@ -65,7 +65,8 @@ hypervisor_hostname pattern.""",
|
||||||
'/os-hypervisors/{hypervisor_hostname_pattern}/servers',
|
'/os-hypervisors/{hypervisor_hostname_pattern}/servers',
|
||||||
'method': 'GET'
|
'method': 'GET'
|
||||||
}
|
}
|
||||||
]
|
],
|
||||||
|
scope_types=['system']
|
||||||
),
|
),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -114,3 +114,17 @@ class HypervisorsScopeTypePolicyTest(HypervisorsPolicyTest):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(HypervisorsScopeTypePolicyTest, self).setUp()
|
super(HypervisorsScopeTypePolicyTest, self).setUp()
|
||||||
self.flags(enforce_scope=True, group="oslo_policy")
|
self.flags(enforce_scope=True, group="oslo_policy")
|
||||||
|
|
||||||
|
# Check that system admin is able to perform operations
|
||||||
|
# on hypervisors.
|
||||||
|
self.admin_authorized_contexts = [
|
||||||
|
self.system_admin_context]
|
||||||
|
# Check that non-system-admin is not able to perform operations
|
||||||
|
# on hypervisors.
|
||||||
|
self.admin_unauthorized_contexts = [
|
||||||
|
self.legacy_admin_context, self.system_member_context,
|
||||||
|
self.system_reader_context, self.project_admin_context,
|
||||||
|
self.system_foo_context, self.project_member_context,
|
||||||
|
self.other_project_member_context,
|
||||||
|
self.project_foo_context, self.project_reader_context
|
||||||
|
]
|
||||||
|
|
Loading…
Reference in New Issue